Scripting with Least Privilege

The Principle of Least Privilege says that software shouldn't be
executed with more authority than it needs to get its job
done. Unfortunately, following this principle is hard; most
operating systems are configured so that the scripts and programs you
run can do anything you can.

Shill is a shell scripting language designed to make it easy to follow the
Principle of Least Privilege. Shill uses capabilities to
control what access scripts have to your system. Every Shill script comes
with a contract that describes what it can do, so users can
run third-party scripts with confidence. Using capability-based
sandboxes, Shill's security guarantees extend even to native
executables launched by scripts.
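To make the capability-and-contract idea concrete, here is an added example written in Python for this page; it is not Shill code and does not use Shill's syntax. It models the two mechanisms the paragraph describes: a capability object (`DirCap`, a name chosen here) is the only handle through which a script can touch a directory tree, and a contract (`COPY_CONTRACT`) declares the rights a script needs, so the runner attenuates whatever the user hands over to exactly those rights before the script sees it. The sample directory layout is constructed in a temporary directory inside `demo()`.

```python
"""Illustrative capability-style least privilege for scripts (not Shill code)."""
import tempfile
from pathlib import Path


class CapabilityError(PermissionError):
    """Raised when a script tries to use authority its capability does not carry."""


class DirCap:
    """A capability for one directory tree (a hypothetical type for this example).

    Holding the object is the only way to reach files under the tree, and rights
    can only be dropped via attenuate(), never added back.
    """

    def __init__(self, root, *, read=True, write=False):
        self._root = Path(root).resolve()
        self._read = read
        self._write = write

    @property
    def rights(self):
        return {"read": self._read, "write": self._write}

    def attenuate(self, *, read, write):
        """Return a weaker capability: each right is kept only if it was already held."""
        return DirCap(self._root, read=read and self._read, write=write and self._write)

    def _resolve(self, rel):
        # Resolve '..' and symlinks before the containment check, so a traversal
        # path cannot escape the granted tree.
        target = (self._root / rel).resolve()
        if target != self._root and self._root not in target.parents:
            raise CapabilityError(f"{rel!r} is outside the granted directory")
        return target

    def read_text(self, rel):
        if not self._read:
            raise CapabilityError("capability does not grant read")
        return self._resolve(rel).read_text()

    def write_text(self, rel, data):
        if not self._write:
            raise CapabilityError("capability does not grant write")
        self._resolve(rel).write_text(data)

    def listdir(self):
        """Names of regular files directly under the tree (requires read)."""
        if not self._read:
            raise CapabilityError("capability does not grant read")
        return sorted(p.name for p in self._root.iterdir() if p.is_file())


def run_with_contract(script, contract, **caps):
    """Invoke `script`, passing each capability attenuated to its declared rights.

    `contract` maps parameter names to the set of rights the script says it needs.
    The user may hand over a full-rights capability; the script still receives
    only what the contract declares, and a missing right is refused up front.
    """
    attenuated = {}
    for name, declared in contract.items():
        if name not in caps:
            raise CapabilityError(f"contract requires a capability named {name!r}")
        cap = caps[name]
        for right in declared:
            if not cap.rights[right]:
                raise CapabilityError(f"granted {name!r} lacks the {right!r} right")
        attenuated[name] = cap.attenuate(read="read" in declared, write="write" in declared)
    return script(**attenuated)


# A "third-party" script: copy every file from src to dst. Its contract says src
# is read-only and dst is write-only, so it cannot alter its input even by mistake.
COPY_CONTRACT = {"src": {"read"}, "dst": {"write"}}


def copy_script(src, dst):
    copied = []
    for name in src.listdir():
        dst.write_text(name, src.read_text(name))
        copied.append(name)
    return copied


def demo():
    """Run the script on a constructed layout and record what the capabilities refuse."""
    with tempfile.TemporaryDirectory() as tmp:
        src_dir, dst_dir = Path(tmp) / "in", Path(tmp) / "out"
        src_dir.mkdir()
        dst_dir.mkdir()
        (src_dir / "a.txt").write_text("hello")            # constructed input
        (Path(tmp) / "secret.txt").write_text("not granted")  # outside both trees

        # The user holds full rights on both directories; the contract narrows them.
        src_cap = DirCap(src_dir, read=True, write=True)
        dst_cap = DirCap(dst_dir, read=True, write=True)
        results = {"copied": run_with_contract(copy_script, COPY_CONTRACT, src=src_cap, dst=dst_cap)}
        results["out_content"] = (dst_dir / "a.txt").read_text()

        def overreaching_script(src, dst):   # writes to the input it declared read-only
            src.write_text("a.txt", "changed")

        try:
            run_with_contract(overreaching_script, COPY_CONTRACT, src=src_cap, dst=dst_cap)
            results["overreach"] = "allowed"
        except CapabilityError:
            results["overreach"] = "refused"

        try:
            src_cap.read_text("../secret.txt")   # traversal outside the granted tree
            results["traversal"] = "allowed"
        except CapabilityError:
            results["traversal"] = "refused"
        return results


if __name__ == "__main__":
    print(demo())
```

The point of the runner is the attenuation step: the script never decides its own rights, and a contract that over-declares is caught before the script runs rather than discovered when it misbehaves. Shill applies the same discipline to native executables via its sandboxes; this toy only models in-process file access.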

Getting started

Installation instructions are in the manual, and the Shill source distribution
includes a number of example scripts.